Hi:

I'm currently using Geronimo 2.2 and OpenLDAP: slapd 2.3.43.

I'm trying to create an LDAP Security Realm on the Geronimo server that will
query my OpenLDAP server. For the most part, it works. However, the realm
cannot seem to differentiate between the two different groups on the LDAP
server, resulting in any member being authenticated no matter which group
they belong to, which is not what I want. I'm only trying to authenticate
users if they are members of the 'CLINICS' group.

Here's how my LDAP is set up:

dc=mydomain,dc=on,dc=ca           (objectClass=dcObject, organization)
  ou=groups                       (objectClass=organizationalUnit)
    cn=ADMIN                      (objectClass=groupOfUniqueNames)
    cn=CLINICS                    (objectClass=groupOfUniqueNames)
      uid=User1,ou=people,dc=mydomain,dc=on,dc=ca
      uid=User2,ou=people,dc=mydomain,dc=on,dc=ca
      uid=User3,ou=people,dc=mydomain,dc=on,dc=ca
    cn=SUPPLIERS                  (objectClass=groupOfUniqueNames)
      uid=Supplier1,ou=people,dc=mydomain,dc=on,dc=ca
      uid=Supplier2,ou=people,dc=mydomain,dc=on,dc=ca
  ou=people                       (objectClass=organizationalUnit)
    uid=User1                     (objectClass=inetOrgPerson)
    uid=User2                     (objectClass=inetOrgPerson)
    uid=User3                     (objectClass=inetOrgPerson)
    uid=Supplier1                 (objectClass=inetOrgPerson)
    uid=Supplier2                 (objectClass=inetOrgPerson)

On the Geronimo Side, here is how I set up my realm:

Initial Context Factory: com.sun.jndi.ldap.LdapCtxFactory
Connection URL: ldap://localhost:389
Connect Username: cn=someuser,dc=mydomain,dc=on,dc=ca 
Connect Password: secret
Confirm Password: secret
Connect Protocol:
Authentication: simple
User Base: ou=people,dc=mydomain,dc=on,dc=ca 
User Search Matching: uid={0}
User Search Subtree: false
Role Base: cn=CLINICS,ou=groups,dc=vpcl,dc=on,dc=ca
Role Name: cn
Role User Search String: uid={0}
Role Search Subtree: false
User Role Search String: memberOf={0}


I've tried replacing the 'User Search Matching' and/or the 'Role User Search
String' with stuff like:

(&(uid={0})(cn=CLINICS,ou=groups,dc=mydomain,dc=on,dc=ca)(attr=uniqueMember))

But it’s just not working out. 

On a side note: I do have Apache directives using this LDAP database as well
as some PHP applications. I just don't know why I can't get Geronimo to work
with it.

Any help would be appreciated.

Thanks...

Fred




--
View this message in context: 
http://apache-geronimo.328035.n3.nabble.com/Geronimo-OpenLDAP-not-quite-right-tp3986519.html
Sent from the Users mailing list archive at Nabble.com.

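The lookup the realm settings above describe, as an added example that is not part of the original post and is not Geronimo's code: a small in-memory Python model of a JAAS-style LDAP realm (find the user under the user base, bind as that entry, then search the role base for groups that list the user's DN). It assumes, as in the Geronimo/ActiveMQ LDAP login modules, that {0} in the role search string is replaced with the user's full DN and that "Subtree: false" means a one-level search below the base; the directory contents mirror the tree from the post, with made-up passwords and a constructed ADMIN membership for User1. Two things it makes visible: a groupOfUniqueNames is found with `uniqueMember={0}` under `ou=groups`, not with `memberOf={0}` (stock OpenLDAP 2.3 keeps no memberOf attribute on user entries; the overlay that maintains one arrived in 2.4) and not with the group's own DN as the role base; and a successful bind alone authenticates regardless of group, so restricting logins to CLINICS has to be an explicit check on the returned group names, which `login_requiring_group` does. The {0} substitution is escaped per RFC 4515 so a login name such as `*` cannot turn the user search into a wildcard.

```python
"""In-memory model of an LDAP realm's user search, bind and group lookup.

Added example; not Geronimo code.  Assumes {0} in the role search is the
user's DN and that subtree=False means a one-level search below the base.
"""
import re
from typing import Dict, List, Optional, Tuple

Entry = Dict[str, List[str]]

BASE = "dc=mydomain,dc=on,dc=ca"
PEOPLE = "ou=people," + BASE
GROUPS = "ou=groups," + BASE


def _person(uid: str, password: str) -> Entry:
    return {"objectClass": ["inetOrgPerson"], "uid": [uid], "userPassword": [password]}


def _group(cn: str, members: List[str]) -> Entry:
    return {"objectClass": ["groupOfUniqueNames"], "cn": [cn], "uniqueMember": members}


# Constructed directory mirroring the tree in the post.  Passwords are made up;
# ADMIN's membership (User1) is an assumption, the post lists no ADMIN members.
DIRECTORY: Dict[str, Entry] = {
    "uid=User1," + PEOPLE: _person("User1", "pw-user1"),
    "uid=User2," + PEOPLE: _person("User2", "pw-user2"),
    "uid=User3," + PEOPLE: _person("User3", "pw-user3"),
    "uid=Supplier1," + PEOPLE: _person("Supplier1", "pw-supplier1"),
    "uid=Supplier2," + PEOPLE: _person("Supplier2", "pw-supplier2"),
    "cn=ADMIN," + GROUPS: _group("ADMIN", ["uid=User1," + PEOPLE]),
    "cn=CLINICS," + GROUPS: _group("CLINICS", ["uid=User%d," % i + PEOPLE for i in (1, 2, 3)]),
    "cn=SUPPLIERS," + GROUPS: _group("SUPPLIERS", ["uid=Supplier%d," % i + PEOPLE for i in (1, 2)]),
}


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping for a value substituted into a search filter ({0})."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)


def _assertion_regex(value: str) -> "re.Pattern":
    """Unescaped '*' is a substring wildcard; '\\XX' decodes to a literal char."""
    pieces = [re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), p)
              for p in value.split("*")]
    return re.compile(".*".join(re.escape(p) for p in pieces), re.IGNORECASE)


def _in_scope(dn: str, base: str, subtree: bool) -> bool:
    """True if dn lies below base: any depth if subtree, else exactly one level."""
    suffix = "," + base.casefold()
    if not dn.casefold().endswith(suffix):
        return False
    return subtree or "," not in dn[: -len(suffix)]


def search(base: str, flt: str, subtree: bool) -> List[str]:
    """Evaluate a single '(attr=value)' assertion under base; return matching DNs."""
    body = flt.strip()
    if body.startswith("(") and body.endswith(")"):
        body = body[1:-1]
    attr, eq, value = body.partition("=")
    if not eq or not re.fullmatch(r"[A-Za-z][\w-]*", attr):
        raise ValueError("only one equality/substring assertion is modelled: " + flt)
    pat = _assertion_regex(value)
    return sorted(dn for dn, entry in DIRECTORY.items()
                  if _in_scope(dn, base, subtree)
                  and any(pat.fullmatch(v) for k, vs in entry.items()
                          if k.casefold() == attr.casefold() for v in vs))


def bind(dn: str, password: str) -> bool:
    """Simple bind: succeeds only for an existing entry with that userPassword."""
    entry = DIRECTORY.get(dn)
    return bool(entry) and bool(password) and password in entry.get("userPassword", [])


def login(username: str, password: str, *,
          user_base: str = PEOPLE, user_search: str = "uid={0}", user_subtree: bool = False,
          role_base: str = GROUPS, role_search: str = "uniqueMember={0}",
          role_subtree: bool = False, role_name: str = "cn") -> Optional[Tuple[str, List[str]]]:
    """Realm-style login: exactly one user match, bind as it, then collect groups.
    Returns (user DN, sorted group names); None if lookup or bind fails."""
    hits = search(user_base, user_search.replace("{0}", escape_filter_value(username)), user_subtree)
    if len(hits) != 1:  # unknown user, or an ambiguous (wildcard) match
        return None
    user_dn = hits[0]
    if not bind(user_dn, password):
        return None
    groups = search(role_base, role_search.replace("{0}", escape_filter_value(user_dn)), role_subtree)
    return user_dn, sorted(n for g in groups for n in DIRECTORY[g].get(role_name, []))


def login_requiring_group(username: str, password: str, required: str, **realm) -> bool:
    """The check the post wants: the bind succeeded AND the user is in `required`."""
    result = login(username, password, **realm)
    return result is not None and required in result[1]


if __name__ == "__main__":
    posted = dict(role_base="cn=CLINICS," + GROUPS, role_search="memberOf={0}")
    print("posted settings, User1:", login("User1", "pw-user1", **posted))
    print("uniqueMember under ou=groups, User1:", login("User1", "pw-user1"))
    print("Supplier1 allowed as CLINICS?", login_requiring_group("Supplier1", "pw-supplier1", "CLINICS"))
    print("unescaped 'uid=*' would match:", search(PEOPLE, "uid=*", False))
```

Running the file prints the result for the settings in the post (bind succeeds, no groups found) beside the corrected ones. Anything more complex than a single (attr=value) assertion, such as the &-filter tried above, raises ValueError because the model evaluates only one assertion.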